Access control systems that rely on the presentation, by an authorized user, of credentials encoded in a smart card, UHF tag, or other non-biometric device to control access can in some instances be defeated by passback schemes, wherein an individual uses a given set of credentials to obtain access and then “passes back” the same credentials for use by a second individual. For example, many companies provide a smart card to their employees, which card must be presented to a card reader to gain access to a secured facility. On any given occasion, once an employee uses the card to enter the secured facility, the employee could, while the access control mechanism is still open, pass the card to a non-employee, thus permitting the non-employee to gain unauthorized access to the secured facility. Access control systems used to restrict access to paying customers may be defeated in a similar manner, resulting in lost revenue for the controlled-access area's owner.